[PATCH 5.14 113/172] RDMA/hns: Add the check of the CQE size of the user space

From: Greg Kroah-Hartman
Date: Mon Oct 04 2021 - 09:37:17 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.14 111/172] RDMA/hfi1: Fix kernel pointer leak"
Previous message: Greg Kroah-Hartman: "[PATCH 5.14 112/172] RDMA/hns: Fix the size setting error when copying CQE in clean_cq()"
In reply to: Greg Kroah-Hartman: "[PATCH 5.14 112/172] RDMA/hns: Fix the size setting error when copying CQE in clean_cq()"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.14 111/172] RDMA/hfi1: Fix kernel pointer leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Wenpeng Liang <liangwenpeng@xxxxxxxxxx>

[ Upstream commit e671f0ecfece14940a9bb81981098910ea278cf7 ]

If the CQE size of the user space is not the size supported by the
hardware, the creation of CQ should be stopped.

Fixes: 09a5f210f67e ("RDMA/hns: Add support for CQE in size of 64 Bytes")
Link: https://lore.kernel.org/r/20210927125557.15031-3-liangwenpeng@xxxxxxxxxx
Signed-off-by: Wenpeng Liang <liangwenpeng@xxxxxxxxxx>
Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/infiniband/hw/hns/hns_roce_cq.c | 31 ++++++++++++++++++-------
1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/drivers/infiniband/hw/hns/hns_roce_cq.c b/drivers/infiniband/hw/hns/hns_roce_cq.c
index 1e9c3c5bee68..d763f097599f 100644
--- a/drivers/infiniband/hw/hns/hns_roce_cq.c
+++ b/drivers/infiniband/hw/hns/hns_roce_cq.c
@@ -326,19 +326,30 @@ static void set_cq_param(struct hns_roce_cq *hr_cq, u32 cq_entries, int vector,
INIT_LIST_HEAD(&hr_cq->rq_list);
}

-static void set_cqe_size(struct hns_roce_cq *hr_cq, struct ib_udata *udata,
- struct hns_roce_ib_create_cq *ucmd)
+static int set_cqe_size(struct hns_roce_cq *hr_cq, struct ib_udata *udata,
+ struct hns_roce_ib_create_cq *ucmd)
{
struct hns_roce_dev *hr_dev = to_hr_dev(hr_cq->ib_cq.device);

- if (udata) {
- if (udata->inlen >= offsetofend(typeof(*ucmd), cqe_size))
- hr_cq->cqe_size = ucmd->cqe_size;
- else
- hr_cq->cqe_size = HNS_ROCE_V2_CQE_SIZE;
- } else {
+ if (!udata) {
hr_cq->cqe_size = hr_dev->caps.cqe_sz;
+ return 0;
+ }
+
+ if (udata->inlen >= offsetofend(typeof(*ucmd), cqe_size)) {
+ if (ucmd->cqe_size != HNS_ROCE_V2_CQE_SIZE &&
+ ucmd->cqe_size != HNS_ROCE_V3_CQE_SIZE) {
+ ibdev_err(&hr_dev->ib_dev,
+ "invalid cqe size %u.\n", ucmd->cqe_size);
+ return -EINVAL;
+ }
+
+ hr_cq->cqe_size = ucmd->cqe_size;
+ } else {
+ hr_cq->cqe_size = HNS_ROCE_V2_CQE_SIZE;
}
+
+ return 0;
}

int hns_roce_create_cq(struct ib_cq *ib_cq, const struct ib_cq_init_attr *attr,
@@ -366,7 +377,9 @@ int hns_roce_create_cq(struct ib_cq *ib_cq, const struct ib_cq_init_attr *attr,

set_cq_param(hr_cq, attr->cqe, attr->comp_vector, &ucmd);

- set_cqe_size(hr_cq, udata, &ucmd);
+ ret = set_cqe_size(hr_cq, udata, &ucmd);
+ if (ret)
+ return ret;

ret = alloc_cq_buf(hr_dev, hr_cq, udata, ucmd.buf_addr);
if (ret) {
--
2.33.0

Next message: Greg Kroah-Hartman: "[PATCH 5.14 111/172] RDMA/hfi1: Fix kernel pointer leak"
Previous message: Greg Kroah-Hartman: "[PATCH 5.14 112/172] RDMA/hns: Fix the size setting error when copying CQE in clean_cq()"
In reply to: Greg Kroah-Hartman: "[PATCH 5.14 112/172] RDMA/hns: Fix the size setting error when copying CQE in clean_cq()"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.14 111/172] RDMA/hfi1: Fix kernel pointer leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]